diff options
Diffstat (limited to 'lib/api')
| -rw-r--r-- | lib/api/api_guard.rb | 2 | ||||
| -rw-r--r-- | lib/api/scope.rb | 23 |
2 files changed, 24 insertions, 1 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb index 56f6da57555..0d2d71e336a 100644 --- a/lib/api/api_guard.rb +++ b/lib/api/api_guard.rb @@ -31,7 +31,7 @@ module API # the scopes are all aggregated. def allow_access_with_scope(scopes, options = {}) Array(scopes).each do |scope| - allowed_scopes << OpenStruct.new(name: scope.to_sym, if: options[:if]) + allowed_scopes << Scope.new(scope, options) end end diff --git a/lib/api/scope.rb b/lib/api/scope.rb new file mode 100644 index 00000000000..c23846d1e7d --- /dev/null +++ b/lib/api/scope.rb @@ -0,0 +1,23 @@ +# Encapsulate a scope used for authorization, such as `api`, or `read_user` +module API + class Scope + attr_reader :name, :if + + def initialize(name, options = {}) + @name = name.to_sym + @if = options[:if] + end + + # Are the `scopes` passed in sufficient to adequately authorize the passed + # request for the scope represented by the current instance of this class? + def sufficient?(scopes, request) + verify_if_condition(request) && scopes.include?(self.name) + end + + private + + def verify_if_condition(request) + self.if.nil? || self.if.call(request) + end + end +end |